Google’s new Chrome extension rules improve privacy and security

Google has announced several rules aimed at making Chrome extensions safer and more trustworthy. Many extensions request blanket access to your browsing data, but you’ll soon have the option to whitelist the sites they can view and manipulate, or opt to grant an extension access to your current page with a click. That feature is included in Chrome 70, which is scheduled to arrive later this month and includes other privacy-focused updates.

As of Monday, developers can no longer submit extensions that include obfuscated code. Google says 70 percent of malicious and policy-violating extensions use such code. More easily accessible code should speed up the review process too. Developers have until January 1st to strip obfuscated code from their extensions and make them compliant with the updated rules.

Additionally, there will be a more in-depth review process for extensions that ask you for “powerful permissions,” Google says. The company is also more closely monitoring those with remotely hosted code.

Next year, developers will need to enable two-step verification on their Chrome Web Store accounts. Google also plans to introduce an updated version of the extensions platform manifest, with the aim of enabling “stronger security, privacy and performance guarantees.” Google says half of Chrome users actively employ extensions, so the changes could make browsing the web more secure for millions of people.